New peername element in X509_VERIFY_PARAM_ID.

Declaration, memory management, accessor and documentation. (Imported from upstream's 1eb57ae2b78c119bfba7ab647951130e968d1664.) Change-Id: Ifa9672e46445e44a78001b0f9430a93c138d73d7
2015-02-11 15:30:17 -08:00 · 2015-02-11 15:30:17 -08:00 · d0f5df2d71
commit d0f5df2d71
parent 82fc3bd333
3 changed files with 13 additions and 1 deletions
--- a/crypto/x509/vpm_int.h
+++ b/crypto/x509/vpm_int.h
@ -62,6 +62,7 @@ struct X509_VERIFY_PARAM_ID_st
 	{
 	STACK_OF(OPENSSL_STRING) *hosts;	/* Set of acceptable names */
 	unsigned int hostflags;	/* Flags to control matching features */
+	char *peername;		/* Matching hostname in peer certificate */
 	unsigned char *email;	/* If not NULL email address to match */
 	size_t emaillen;
 	unsigned char *ip;	/* If not NULL IP address to match */
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@ -143,6 +143,11 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
 		string_stack_free(paramid->hosts);
 		paramid->hosts = NULL;
 		}
+	if (paramid->peername)
+		{
+		OPENSSL_free(paramid->peername);
+		paramid->peername = NULL;
+		}
 	if (paramid->email)
 		{
 		OPENSSL_free(paramid->email);
@ -476,6 +481,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
 	param->id->hostflags = flags;
 	}

+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
+	{
+	return param->id->peername;
+	}
+
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
 				const unsigned char *email, size_t emaillen)
 	{
@ -511,7 +521,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
 	return param->name;
 	}

-static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, 0, NULL, 0};
+static const X509_VERIFY_PARAM_ID _empty_id = {NULL, 0U, NULL, NULL, 0, NULL, 0};

 #define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id

--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@ -560,6 +560,7 @@ OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
 					       size_t namelen);
 OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
 					unsigned int flags);
+OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
 				const unsigned char *email, size_t emaillen);
 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,